[BlueOnyx:01406] Re: FTP issues
Michael Stauber
mstauber at blueonyx.it
Mon Jun 15 21:55:39 -05 2009
Hi Alan,
> Thanks, Chris...cleaned out rpmforge, and downgraded phpMyAdmin as you
> suggested. All's well with phpMyAdmin now. But, I see that FTP is now
> totally missing from the BX services list on both the Server Management and
> Site Management screens. The FTP service is running, but I'm still unable
> to connect from a remote client. SFTP is ok.
Yeah, like said before: RPMforge and BlueOnyx don't get along at all. It
replaces too many RPMs that BlueOnyx depends on, which then will break things.
Hard.
If RPMforge also replaced your proftpd RPM *and* brought a different
/etc/proftpd.conf aboard, then things may get even more tricky to repair. In
that case check /etc/proftpd.conf and see if you find backup copies of your
proftpd.conf. They may be named /etc/proftpd.conf.rpmsave or therelike. Make a
copy of these before you do anything else.
Then check with "rpm -qa|grep ftp|sort -u" to see what FTP related RPMs are
present on your box.
On a fully "yum updated" BlueOnyx you should see these RPM's:
base-ftp-am-1.0.2-3BQ8.centos5
base-ftp-capstone-1.2.0-77BQ22.centos5
base-ftp-glue-1.2.0-77BQ22.centos5
base-ftp-locale-da_DK-1.2.0-77BQ22.centos5
base-ftp-locale-de_DE-1.2.0-77BQ22.centos5
base-ftp-locale-en-1.2.0-77BQ22.centos5
base-ftp-locale-ja-1.2.0-77BQ22.centos5
base-ftp-ui-1.2.0-77BQ22.centos5
ftp-0.17-35.el5
proftpd-1.3.1-1BQ1
If you see anything else, delete those RPM's with "rpm -e <RPM-NAME>" and then
"yum install" the versions listed above.
Once you've done that, you may have to manually restart a few services to get
things working again:
/etc/init.d/xinetd restart
/etc/init.d/cced.init restart
/etc/init.d/admserv restart
A "good" copy of the stock BlueOnyx /etc/proftpd.conf ought to look like this:
------------------------------------------------------------------------------------------------------
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root at localhost
#ServerType standalone
ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
RequireValidShell off
# Use this to excude users from the chroot
DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
TimesGMT off
IdentLookups off
# begin global -- do not delete
MaxClients 100000
IdentLookups off
UseReverseDNS off
# end global -- do not delete
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
LoginPasswordPrompt on
MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Disable sendfile by default since it breaks displaying the download speeds
in
# ftptop and ftpwho
UseSendfile no
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
TLSVerifyClient off
TLSOptions NoCertRequest
TLSRenegotiate required off
</IfModule>
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#</IfModule>
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
<VirtualHost 192.168.10.128>
DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
AllowOverwrite on
DefaultChdir /web
DisplayLogin .ftphelp
</VirtualHost>
------------------------------------------------------------------------------------------------------
Of course your <VirtualHost></VirtualHost> section may look different
depending on your IP(s). Typically you have one VirtualHost container per IP.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list